Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2017/06/30 4:0 p.m.58 views

CVE-2017-10709

CVE-2017-10709 affects Elephone P9000 devices running Android 6.0. The lockscreen can be bypassed to defeat the wrong-PIN lockout by pressing backspace after each PIN guess, using physical proximity as the attack vector. Documented impact indicates confidentiality, integrity, and availability may...

7.2CVSS6.5AI score0.00335EPSS
CVE
CVE
added 2018/03/30 9:0 p.m.58 views

CVE-2017-11087

CVE-2017-11087 affects libOmxVenc in Android for MSM, Firefox OS for MSM, and QRD Android. The issue arises when the mediaserver path copies the output buffer to an application using the “filled length,” which can exceed the output buffer’s actual size, causing an information disclosure. Publicly...

7.5CVSS7.2AI score0.00543EPSS
CVE
CVE
added 2018/02/12 7:0 p.m.58 views

CVE-2017-13228

CVE-2017-13228 affects Android (versions 6.0–8.1) via an out-of-bounds write in libavc ih264d_ref_idx_reordering caused by modCount defined as an unsigned char. This can lead to remote code execution with user interaction; CVSS indicates HIGH impact. Patches are described in the Android Security ...

9.3CVSS8.8AI score0.01465EPSS
CVE
CVE
added 2018/04/04 5:0 p.m.58 views

CVE-2017-13269

CVE-2017-13269 is an Android information-disclosure flaw in Bluetooth affecting Android 5.1.1–8.1 (Android IDs A-68818034). The Pixel/Nexus bulletin classifies it as ID-type with Moderate severity and partial confidentiality impact. The issue is addressed in the March 2018 Android bulletin; apply...

4.3CVSS4.2AI score0.00195EPSS
CVE
CVE
added 2024/11/15 10:0 p.m.58 views

CVE-2017-13313

CVE-2017-13313 affects the Android Media framework (ESQueue.cpp, ElementaryStreamQueue::dequeueAccessUnitMPEG4Video). The issue is an infinite loop caused by an incorrect bounds check, leading to remote denial of service with no additional privileges required. Availability impact is DoS; exploita...

7.5CVSS6.7AI score0.00218EPSS
CVE
CVE
added 2025/01/28 4:51 p.m.58 views

CVE-2017-13318

CVE-2017-13318 affects HeifDataSource::readAt in HeifDecoderImpl.cpp, where an integer overflow can cause an out-of-bounds read leading to information disclosure. Exploitation requires user interaction and the attacker must be able to trigger the affected code path (AV: Adjacent, UI: Required). R...

5.7CVSS6.3AI score0.00131EPSS
CVE
CVE
added 2020/04/07 3:50 p.m.58 views

CVE-2017-18652

CVE-2017-18652 affects Samsung mobile devices running M(6.0) and N(7.x). The issue is that SVoice can be exploited to execute arbitrary code by manipulating dynamic libraries, enabling code execution with the privileges of the compromised process. The vulnerability is tied to the SVoice component...

9.8CVSS9.7AI score0.00676EPSS
CVE
CVE
added 2020/04/07 2:24 p.m.58 views

CVE-2017-18682

The CVE-2017-18682 entry concerns Samsung mobile devices across KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) where AudioService can crash the system due to incorrect exception handling and an unprotected intent. Affected Samsung identifiers are SVE-2017-8114, SVE-2017-8116, and SVE-2017-8117. Connecte...

7.8CVSS7.5AI score0.00422EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.58 views

CVE-2017-8262

CVE-2017-8262 is documented in multiple sources as a use-after-free race condition in Qualcomm components (GPU driver) within CAF Android Linux-kernel builds. Affected software is Qualcomm’s GPU driver stack integrated in CAF Android releases; root cause described as a race in memory allocation/f...

7.6CVSS6.7AI score0.00345EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.58 views

CVE-2017-8270

Technical details about CVE-2017-8270 are not publicly provided in the connected documents. The available sources only reiterate a race condition in Qualcomm CAF/Linux kernel driver; monitor for updates and disclosures.

7CVSS6.7AI score0.00284EPSS
CVE
CVE
added 2017/12/05 5:0 p.m.58 views

CVE-2017-9698

CVE-2017-9698 relates to Android for MSM, Firefox OS for MSM, and QRD Android builds based on CAF Linux kernels. The vulnerability stems from improperly specified offset/size values for a submission command, which can trigger a math operation overflow and lead to access to arbitrary memory. The c...

7.8CVSS7.4AI score0.00138EPSS
CVE
CVE
added 2019/02/11 3:0 p.m.58 views

CVE-2018-12006

The CVE-2018-12006 entry applies to CAF Android releases (Android for MSM, Firefox OS for MSM, QRD Android) that use the Linux kernel. Root cause: uninitialized padding in a display function. Impact: local attackers with no privileges may access leaked data (information disclosure). Exploitation ...

5.5CVSS5.4AI score0.0014EPSS
CVE
CVE
added 2019/02/11 3:0 p.m.58 views

CVE-2018-12010

CVE-2018-12010: Concrete details in connected docs show a stack overflow with memory corruption in the trustzone region affecting Android releases using CAF’s Linux kernel. The root cause is an absence of length sanity checks in the kernel path, leading to potential local impact on trustzone. Rep...

7.8CVSS7.8AI score0.00142EPSS
CVE
CVE
added 2020/04/08 5:4 p.m.58 views

CVE-2018-21078

The CVE-2018-21078 entry relates to Samsung mobile devices running M(6.0), N(7.x), and O(8.0) where the Contacts app improperly secures Supplementary Service (SS) and USSD codes, enabling attackers to originate video calls. Public details in the provided documents note the Samsung ID SVE-2018-114...

7.5CVSS7.5AI score0.00346EPSS
CVE
CVE
added 2018/06/12 8:0 p.m.58 views

CVE-2018-5849

CVE-2018-5849 affects Qualcomm QTEECOM driver on Android (CAF) where a race condition when multiple HLOS clients load the same TA can cause a Use-After-Free, enabling Elevation of Privilege. Documented impact is EoP with High/Partial confidentiality/integrity/availability implications; CVSSv3 bas...

7CVSS6.5AI score0.00119EPSS
CVE
CVE
added 2024/11/19 6:48 p.m.58 views

CVE-2018-9340

CVE-2018-9340 affects Android Framework: in ResStringPool::setTo of ResourceTypes.cpp an attacker can cause mStringPoolSize to be out of bounds, leading to information disclosure. Root cause is out-of-bounds handling in ResStringPool. The CVE is listed in Android’s June 2018 security bulletin, wi...

7.5CVSS6.2AI score0.00152EPSS
CVE
CVE
added 2024/11/19 7:26 p.m.58 views

CVE-2018-9409

The CVE-2018-9409 entry affects Android’s Media framework, specifically the HWC (Hardware Composer) path: HWCSession::SetColorModeById in hwc_session.cpp. The root cause is a missing bounds check, leading to a possible out-of-bounds write. This could enable local elevation of privilege with no ad...

7.8CVSS6.9AI score0.0009EPSS
CVE
CVE
added 2024/11/19 9:22 p.m.58 views

CVE-2018-9421

CVE-2018-9421 is a local information-disclosure flaw in Android’s Media framework involving Parcel.cpp writeInplace and Binder; uninitialized data could leak across processes. Current documents confirm the issue and indicate it affects Android devices via local access with no user interaction. Th...

5.5CVSS6.2AI score0.00076EPSS
CVE
CVE
added 2024/12/02 9:36 p.m.58 views

CVE-2018-9430

CVE-2018-9430 is an out-of-bounds write in btif_storage.cc (prop2cfg) that can lead to remote code execution without user interaction. Affected: Android Pixel/Nexus devices; root cause described as incorrect bounds check triggering a write beyond limits. Impact: high (RCE), network attack vector ...

9.8CVSS7.4AI score0.00385EPSS
CVE
CVE
added 2024/12/03 12:2 a.m.58 views

CVE-2018-9441

CVE-2018-9441 affects the Android Pixel/Nexus stack, caused by an out-of-bounds read in sdp_copy_raw_data within sdp_discovery.cc due to an incorrect bounds check. This vulnerability enables local information disclosure without extra execution privileges; exploitation requires user interaction. M...

5.5CVSS8.1AI score0.00085EPSS
CVE
CVE
added 2024/11/19 10:19 p.m.58 views

CVE-2018-9456

CVE-2018-9456 affects Google Android components, specifically the SDP utility: sdpu_extract_attr_seq in sdp_utils.cc. The issue is a possible out-of-bounds read due to an incorrect bounds check, enabling remote denial-of-service without extra privileges or user interaction. Connected sources (Red...

7.5CVSS6.7AI score0.00289EPSS
CVE
CVE
added 2018/10/02 7:0 p.m.58 views

CVE-2018-9493

CVE-2018-9493 affects Android’s Download Manager content provider, with an SQL injection due to improper input validation. This could lead to local information disclosure without extra privileges or user interaction. Affected Android versions include 7.0–9.0. The provided sources describe the iss...

5.5CVSS5.5AI score0.0086EPSS
CVE
CVE
added 2019/02/12 12:0 a.m.58 views

CVE-2018-9585

The CVE-2018-9585 issue affects Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1, and 9 in the NFC subsystem. Root cause: a missing bounds check in nfc_ncif_proc_get_routing within nfc_ncif.cc leads to an out-of-bounds write. Impact: local elevation of privilege with no additional execution privileges needed;...

7.8CVSS6.2AI score0.00186EPSS
CVE
CVE
added 2019/11/13 5:44 p.m.58 views

CVE-2019-2036

CVE-2019-2036 affects Google Android where in HidHostService.java the function okToConnect contains an incorrect state check, enabling a possible permission bypass. This could allow remote escalation of privilege with no additional execution privileges or user interaction required. The vulnerabil...

10CVSS9AI score0.02038EPSS
CVE
CVE
added 2020/03/24 6:24 p.m.58 views

CVE-2019-20557

CVE-2019-20557 affects Samsung mobile devices running N(7.x), O(8.x), and P(9.0). The vulnerability allows attackers to bypass Factory Reset Protection (FRP) by manipulating a SIM card to block the PUK code. The issue is a device-side bypass of FRP, with the described impact being the inability t...

4.6CVSS4.8AI score0.00134EPSS
CVE
CVE
added 2020/03/24 7:1 p.m.58 views

CVE-2019-20590

CVE-2019-20590 affects Samsung mobile devices running O(8.x) software on Qualcomm chipsets, with an integer underflow in the Secure Storage Trustlet (Samsung ID SVE-2019-13952). Connected sources (Red Hat, NVD, CVE listing) confirm the vulnerable component and root cause as an underflow in Secure...

9.8CVSS9.3AI score0.00443EPSS
CVE
CVE
added 2020/03/24 7:27 p.m.58 views

CVE-2019-20612

The CVE-2019-20612 entry applies to Samsung mobile devices running N(7.x) and O(8.x) firmware that use Broadcom Wi‑Fi and SEC Wi‑Fi chipsets. The issue is a denial-of-service condition triggered by TCP SYN packets directed at the Wi‑Fi subsystem, with the vulnerability described as a problem in t...

7.5CVSS7.5AI score0.00415EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.58 views

CVE-2019-9373

Technical details about CVE-2019-9373 are not provided in the supplied documents. Monitor for updates from official advisories; no specific affected products, payloads, or mitigations are disclosed here.

5.5CVSS6AI score0.00234EPSS
CVE
CVE
added 2020/01/08 6:34 p.m.58 views

CVE-2020-0008

CVE-2020-0008 affects Android 8.0–10 and is described as a race-condition in LowEnergyClient::MtuChangedCallback that can cause an out-of-bounds read. The issue enables local information disclosure without requiring user interaction or additional privileges. The vulnerability is documented across...

4.7CVSS4.3AI score0.00117EPSS
CVE
CVE
added 2020/05/14 8:8 p.m.58 views

CVE-2020-0024

CVE-2020-0024 affects Android 8.0–10 in SettingsBaseActivity.java via a permissions bypass in onCreate, enabling local escalation of privilege. Exploitation requires user interaction and does not require initial execution privileges, per the NVD entry. Affected products are Android 8.0/8.1/9/10; ...

7.8CVSS7.6AI score0.0016EPSS
CVE
CVE
added 2020/03/10 7:55 p.m.58 views

CVE-2020-0033

CVE-2020-0033 involves an out-of-bounds write in CryptoPlugin::decrypt (CryptoPlugin.cpp) causing local elevation of privilege on Android. The issue arises from a stale pointer in the CryptoPlugin decryption path, requiring LOCAL access with LOW attack complexity and no user interaction (per CVSS...

7.8CVSS7.7AI score0.00199EPSS
CVE
CVE
added 2020/03/10 7:56 p.m.58 views

CVE-2020-0035

Technical details for CVE-2020-0035 are not provided in the connected documents; the available materials describe a local information disclosure in TelephonyProvider.java affecting Android 8.0–9. Monitor for updates.

5.5CVSS5.1AI score0.00162EPSS
CVE
CVE
added 2020/05/14 8:8 p.m.58 views

CVE-2020-0101

CVE-2020-0101 affects Android devices (Android 8.0–10) and is linked to the BnCrypto::onTransact path in ICrypto.cpp. The vulnerability is an information disclosure due to uninitialized data, enabling local information exposure with system privileges, and requires no user interaction. Public docu...

5.5CVSS5AI score0.0014EPSS
CVE
CVE
added 2020/09/18 3:6 p.m.58 views

CVE-2020-0263

CVE-2020-0263 affects Android 11, specifically the Accessibility service. A security issue causes a permission bypass via an unsafe PendingIntent, enabling local information disclosure without user interaction (local attacker privileges required). The Core impact is information disclosure with hi...

5.5CVSS5.8AI score0.00133EPSS
CVE
CVE
added 2020/09/18 3:27 p.m.58 views

CVE-2020-0365

CVE-2020-0365 affects Android 11 netd; root cause is a missing bounds check causing an out-of-bounds read that can lead to a remote DoS without user interaction. Exploitation is Local with low complexity; impact is DoS with partial availability impact. Remediation: addressed in Android 11 release...

5.5CVSS6.2AI score0.00243EPSS
CVE
CVE
added 2020/09/17 8:50 p.m.58 views

CVE-2020-0425

Technical details about CVE-2020-0425 are not publicly provided in the connected documents. Monitor for updates from vendors and security advisories.

5.5CVSS5.7AI score0.0014EPSS
CVE
CVE
added 2020/06/04 5:5 p.m.58 views

CVE-2020-13834

Technical details (affected product/version, root cause, impact, fixes) are not publicly available in the provided connected documents; monitor for updates.

7.5CVSS7.6AI score0.00333EPSS
CVE
CVE
added 2020/10/06 6:15 p.m.58 views

CVE-2020-26597

The CVE-2020-26597 entry concerns LG mobile devices running Android 9.0–10, where the Wi‑Fi subsystem has an incorrect input validation that leads to a crash. The issue is tied to LG’s internal ID LVE-SMP-200022 (October 2020). Affected component: Wi‑Fi stack on affected LG devices; root cause st...

7.5CVSS7.4AI score0.00415EPSS
CVE
CVE
added 2020/10/06 6:14 p.m.58 views

CVE-2020-26598

CVE-2020-26598 affects LG mobile devices running Android 8.0–9.0, with the issue in the Network Management component. The root cause is described as a vulnerability that could allow an unauthorized actor to terminate (kill) an established TCP connection. CVSS metrics indicate a network vector wit...

7.5CVSS7.4AI score0.00333EPSS
CVE
CVE
added 2020/11/08 4:4 a.m.58 views

CVE-2020-28344

CVE-2020-28344 affects LG mobile devices running Android 8.0–10. The root cause is a missing NULL parameter check leading to a NULL pointer dereference, which may cause system services to crash. The available documents (NVD, Red Hat, CVE listing) reiterate this description; no specific CVE patch ...

7.8CVSS7.5AI score0.00417EPSS
CVE
CVE
added 2021/02/26 8:19 p.m.58 views

CVE-2021-0401

Summary: CVE-2021-0401 describes a memory corruption due to a race condition in vow that could enable local privilege escalation to SYSTEM on Android devices (Android-10/Android-11). The issue is triggered by a race in vow’s handling, requiring user interaction for exploitation. The patches refer...

6.9CVSS6.7AI score0.00096EPSS
CVE
CVE
added 2021/03/04 8:57 p.m.58 views

CVE-2021-25334

CVE-2021-25334 concerns an improper input validation in Samsung mobile devices’ wallpaper service. The vulnerability could allow an untrusted application to cause a permanent denial of service, due to an input check flaw in the wallpaper service. Affected products are Samsung mobile devices (prio...

5.5CVSS5.5AI score0.00126EPSS
CVE
CVE
added 2021/10/06 5:10 p.m.58 views

CVE-2021-25490

CVE-2021-25490 documents a keyblob downgrade attack in Samsung’s Keymaster TA (TrustZone) that enables triggering IV reuse with a privileged process. The root cause is related to the legacy keyblob/blob implementation in Keymaster, allowing misuse of initialization vectors. Affected devices inclu...

6CVSS6.1AI score0.00751EPSS
CVE
CVE
added 2022/01/04 3:56 p.m.58 views

CVE-2022-20014

The CVE-2022-20014 entry concerns the vow driver, where improper input validation can cause memory corruption leading to local escalation of privilege with System execution privileges required. Exploitation does not require user interaction according to the description. The vulnerability is assoc...

6.7CVSS6.8AI score0.00113EPSS
CVE
CVE
added 2022/01/04 3:57 p.m.58 views

CVE-2022-20021

CVE-2022-20021 involves the Bluetooth stack failing to handle multiple LMP_host_connection_req messages, enabling remote denial of service without additional privileges or user interaction. The issue is described across multiple feeds as a Bluetooth crash risk, including MediaTek chip references....

6.5CVSS6.4AI score0.00267EPSS
CVE
CVE
added 2022/08/11 3:7 p.m.58 views

CVE-2022-20242

CVE-2022-20242 describes a side-channel information disclosure in Android 13’s Telephony component that can reveal whether an app is installed, without query permissions. This enables local information disclosure with no user interaction, as indicated in the description. Affected product: Android...

5.5CVSS5.4AI score0.00091EPSS
CVE
CVE
added 2022/08/11 3:10 p.m.58 views

CVE-2022-20254

CVE-2022-20254 affects Android 13 Wi‑Fi: a permissions bypass allows local escalation of privilege from a guest user with no extra privileges and no user interaction required. The vulnerability is described across multiple sources (Android 13 security release notes and CVE entries) as a Wi‑Fi per...

8.8CVSS8.3AI score0.00175EPSS
CVE
CVE
added 2022/08/11 3:12 p.m.58 views

CVE-2022-20266

In CVE-2022-20266, the Android 13 Companion component is affected by improper input validation that can allow a service to run with elevated importance without showing a foreground service notification. This enables local elevation of privilege and requires user interaction to exploit; no extra e...

5CVSS6.1AI score0.00099EPSS
CVE
CVE
added 2022/08/11 3:14 p.m.58 views

CVE-2022-20273

Summary: CVE-2022-20273 affects the Android Bluetooth stack on Android 13, involving an out-of-bounds read caused by a heap buffer overflow that could lead to remote information disclosure. Exploitation requires no user interaction and can be attempted from an adjacent network position (attack ve...

6.5CVSS6.7AI score0.00218EPSS
CVE
CVE
added 2022/08/11 3:17 p.m.58 views

CVE-2022-20284

CVE-2022-20284 affects Android 13 Telephony. A missing permission check enables local information disclosure of phone accounts; no user interaction is required. Exploitation requires user privileges (LOW) and local access (UI:N). Impact is confined to confidentiality (HIGH); integrity/availabilit...

5.5CVSS5.5AI score0.00089EPSS
Total number of security vulnerabilities8153